tests/test-hgweb-raw.t
author Matt Mackall <mpm@selenic.com>
Sun, 31 Jul 2011 01:46:52 +0200
branch stable
changeset 15004 d06b9c55ddab
parent 13962 8b252e826c68
child 15446 c5c9ca3719f9
permissions -rw-r--r--
hgweb: raw file mimetype guessing configurable, off by default (BC) (issue2923)

Before: hgweb made it possible to download file content with a content type detected from the file extension. It would serve .html files as text/html and could thus cause XSS vulnerabilities if the web site had any kind of session authorization and the repository content wasn't fully trusted.

Now: all files default to "application/binary", which all important browsers will refuse to treat as text/html. See the table here: https://code.google.com/p/browsersec/wiki/Part2#Survey_of_content_sniffing_behaviors

Test raw style of hgweb

  $ hg init test
  $ cd test
  $ mkdir sub
  $ cat >'sub/some "text".txt' <<ENDSOME
  > This is just some random text
  > that will go inside the file and take a few lines.
  > It is very boring to read, but computers don't
  > care about things like that.
  > ENDSOME
  $ hg add 'sub/some "text".txt'
  warning: filename contains '"', which is reserved on Windows: 'sub/some "text".txt'
  $ hg commit -d "1 0" -m "Just some text"

  $ hg serve -p $HGPORT -A access.log -E error.log -d --pid-file=hg.pid

  $ cat hg.pid >> $DAEMON_PIDS
  $ ("$TESTDIR/get-with-headers.py" localhost:$HGPORT '/?f=a23bf1310f6e;file=sub/some%20%22text%22.txt;style=raw' content-type content-length content-disposition) >getoutput.txt &
  $ sleep 5
  $ kill `cat hg.pid`
  $ sleep 1 # wait for server to scream and die
  $ cat getoutput.txt
  200 Script output follows
  content-type: application/binary
  content-length: 157
  content-disposition: inline; filename="some \"text\".txt"
  
  This is just some random text
  that will go inside the file and take a few lines.
  It is very boring to read, but computers don't
  care about things like that.
  $ cat access.log error.log
  127.0.0.1 - - [*] "GET /?f=a23bf1310f6e;file=sub/some%20%22text%22.txt;style=raw HTTP/1.1" 200 - (glob)

  $ rm access.log error.log
  $ hg serve -p $HGPORT -A access.log -E error.log -d --pid-file=hg.pid \
  > --config web.guessmime=True

  $ cat hg.pid >> $DAEMON_PIDS
  $ ("$TESTDIR/get-with-headers.py" localhost:$HGPORT '/?f=a23bf1310f6e;file=sub/some%20%22text%22.txt;style=raw' content-type content-length content-disposition) >getoutput.txt &
  $ sleep 5
  $ kill `cat hg.pid`
  $ sleep 1 # wait for server to scream and die
  $ cat getoutput.txt
  200 Script output follows
  content-type: text/plain; charset="ascii"
  content-length: 157
  content-disposition: inline; filename="some \"text\".txt"
  
  This is just some random text
  that will go inside the file and take a few lines.
  It is very boring to read, but computers don't
  care about things like that.
  $ cat access.log error.log
  127.0.0.1 - - [*] "GET /?f=a23bf1310f6e;file=sub/some%20%22text%22.txt;style=raw HTTP/1.1" 200 - (glob)
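
The two server runs in the test differ only in web.guessmime. The Python sketch below is an added example, not hgweb's own code: raw_headers, served_as_html and the sample inputs are hypothetical names and constructed data. It reproduces the header values the test expects for the .txt file and shows what the same switch does to an .html file.

```python
import mimetypes
import posixpath


def raw_headers(path, data, guessmime=False, charset="ascii"):
    """Build raw-download headers (illustrative sketch, not hgweb's code)."""
    # Default: a type browsers will not render as HTML, whatever the extension.
    ctype = "application/binary"
    if guessmime:
        guessed, _ = mimetypes.guess_type(path)
        if guessed is None:
            # Assumption: unknown extension, NUL-free content counts as text.
            guessed = "application/binary" if b"\0" in data else "text/plain"
        ctype = guessed
    if ctype.startswith("text/"):
        ctype += '; charset="%s"' % charset
    # Quote the file name for the header: escape backslashes and double quotes.
    name = posixpath.basename(path).replace("\\", "\\\\").replace('"', '\\"')
    return {
        "content-type": ctype,
        "content-length": str(len(data)),
        "content-disposition": 'inline; filename="%s"' % name,
    }


def served_as_html(headers):
    """True when a browser would render the response as an HTML document."""
    return headers["content-type"].split(";")[0].strip() == "text/html"


# Constructed sample inputs: the file from the test, and an HTML file standing
# in for repository content that is not fully trusted.
SAMPLE_TEXT = (
    b"This is just some random text\n"
    b"that will go inside the file and take a few lines.\n"
    b"It is very boring to read, but computers don't\n"
    b"care about things like that.\n"
)
UNTRUSTED_HTML = b"<html><body>content from a pushed changeset</body></html>\n"

if __name__ == "__main__":
    for path, data in (('sub/some "text".txt', SAMPLE_TEXT),
                       ("docs/page.html", UNTRUSTED_HTML)):
        for guess in (False, True):
            h = raw_headers(path, data, guessmime=guess)
            print(path, "guessmime=%s" % guess, h["content-type"],
                  "served_as_html=%s" % served_as_html(h))
```

With guessing off, both files come back as application/binary; only with guessmime=True does the .html file get a type that a browser renders in the serving site's origin.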